The branch, master has been updated via a414356 s3: Fix Coverity ID 2188: MISSING_BREAK via ba92c45 s3: Fix Coverity ID 2189: MISSING_BREAK via 25397de tdb: Fix Coverity ID 2192: NO_EFFECT via 261d6b0 s3: Fix Coverity ID 2195: NO_EFFECT via 8d9cbc7 librpc: Add some error checking to dcerpc_floor_pack_rhs_if_version_data via 9370c28 librpc: Fix Coverity ID 2198: NULL_RETURNS via 240aeeb s3: Fix Coverity ID 2200: NULL_RETURNS (cut&paste error) via 6bee354 s3: Fix Coverity ID 2228: RESOURCE_LEAK via 7e6030a s3: Fix Coverity ID 2226: RESOURCE_LEAK via c07be5f s3: Fix Coverity ID 976: BAD_SIZEOF via a431394 s3: Fix Coverity ID 958: BAD_SIZEOF via 8db0374 s3: Fix Coverity ID 682: NEGATIVE_RETURNS via 1a1675b s3: Fix Coverity ID 590: DEADCODE via 30085eb s3: Fix Coverity ID 585: NEGATIVE_RETURNS via 08e4e7f s3: Fix Coverity ID 513: UNINIT via 7c868e6 s3: Fix Coverity ID 83: RESOURCE_LEAK from 592c669 s3: Convert cli_raw_tcon to cli_smb
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a414356075ab28259fe4fe534478bc43aa3ce6d9 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 22:06:46 2011 +0200 s3: Fix Coverity ID 2188: MISSING_BREAK Autobuild-User: Volker Lendecke <vlen...@samba.org> Autobuild-Date: Sun Mar 27 23:11:10 CEST 2011 on sn-devel-104 commit ba92c45787adb2fc8d3783a517530887eb9947d4 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 22:06:46 2011 +0200 s3: Fix Coverity ID 2189: MISSING_BREAK commit 25397de589e577e32bb291576b10c18978b5bc4e Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 21:43:53 2011 +0200 tdb: Fix Coverity ID 2192: NO_EFFECT (ret < 0) can never be true commit 261d6b0e9bc837520630410b5c016ea043cd8518 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 21:31:44 2011 +0200 s3: Fix Coverity ID 2195: NO_EFFECT level is unsigned commit 8d9cbc7c221ae49acef60f82e90f387b05c8e91f Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 21:19:37 2011 +0200 librpc: Add some error checking to dcerpc_floor_pack_rhs_if_version_data commit 9370c28425500c0ad8cff27886c49ce256a1e59e Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 21:17:53 2011 +0200 librpc: Fix Coverity ID 2198: NULL_RETURNS commit 240aeeb588a1c3f7f05efcf313cde3d06cce7720 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 20:57:45 2011 +0200 s3: Fix Coverity ID 2200: NULL_RETURNS (cut&paste error) commit 6bee354377719f1227e0cdc8c44bc8bc86691cd5 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 20:44:01 2011 +0200 s3: Fix Coverity ID 2228: RESOURCE_LEAK Holger, please check! commit 7e6030a495edcd2e9b6b82f63f19524c818aab59 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 20:38:52 2011 +0200 s3: Fix Coverity ID 2226: RESOURCE_LEAK Holger, please check! commit c07be5f74769d5a3fe450e86ca7e56e9738a3bf6 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 20:06:19 2011 +0200 s3: Fix Coverity ID 976: BAD_SIZEOF commit a431394ce37a3f647953969c85aac4415184a532 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 20:03:23 2011 +0200 s3: Fix Coverity ID 958: BAD_SIZEOF This is supposed to wipe out the md5 context, not only the first bytes of it. Others, please check! commit 8db0374251b72c3fc82367864da178dc842f588b Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 19:41:34 2011 +0200 s3: Fix Coverity ID 682: NEGATIVE_RETURNS commit 1a1675bbfee01ec2da6874cd3e71ff188ff448fd Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 19:29:42 2011 +0200 s3: Fix Coverity ID 590: DEADCODE commit 30085eb7927b48ed4f133d25a9da74dbb83bcb37 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 19:27:26 2011 +0200 s3: Fix Coverity ID 585: NEGATIVE_RETURNS commit 08e4e7fef7bda8f4e9e3b7da8d0596dfca289c59 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 19:11:44 2011 +0200 s3: Fix Coverity ID 513: UNINIT commit 7c868e61747350d932b1aee03c1d0d8b4c3ed726 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 27 19:08:10 2011 +0200 s3: Fix Coverity ID 83: RESOURCE_LEAK ----------------------------------------------------------------------- Summary of changes: lib/crypto/md5.c | 2 +- lib/tdb/common/tdb.c | 2 +- libcli/auth/smbencrypt.c | 5 ++++- librpc/rpc/binding.c | 23 +++++++++++++++++++---- nsswitch/libwbclient/wbc_util.c | 2 +- source3/auth/auth_server.c | 2 ++ source3/auth/auth_wbc.c | 4 +++- source3/client/clitar.c | 3 +++ source3/lib/memcache.c | 4 ---- source3/modules/vfs_crossrename.c | 2 +- source3/modules/vfs_smb_traffic_analyzer.c | 1 + source3/passdb/pdb_ldap.c | 2 +- source3/passdb/pdb_wbc_sam.c | 2 +- source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +- source3/utils/smbta-util.c | 1 + 15 files changed, 40 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/crypto/md5.c b/lib/crypto/md5.c index e6178cc..0324744 100644 --- a/lib/crypto/md5.c +++ b/lib/crypto/md5.c @@ -144,7 +144,7 @@ _PUBLIC_ void MD5Final(uint8_t digest[16], struct MD5Context *ctx) MD5Transform(ctx->buf, (uint32_t *) ctx->in); byteReverse((uint8_t *) ctx->buf, 4); memmove(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ + memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ } /* The four core functions - F1 is optimized somewhat */ diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c index a28e883..66be555 100644 --- a/lib/tdb/common/tdb.c +++ b/lib/tdb/common/tdb.c @@ -993,7 +993,7 @@ _PUBLIC_ int tdb_repack(struct tdb_context *tdb) bool tdb_write_all(int fd, const void *buf, size_t count) { while (count) { - size_t ret; + ssize_t ret; ret = write(fd, buf, count); if (ret < 0) return false; diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index 3274f11..abd8ad9 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -529,7 +529,7 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx, bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags) { uint8_t new_pw[512]; - size_t new_pw_len; + ssize_t new_pw_len; /* the incoming buffer can be any alignment. */ string_flags |= STR_NOALIGN; @@ -537,6 +537,9 @@ bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flag new_pw_len = push_string(new_pw, password, sizeof(new_pw), string_flags); + if (new_pw_len == -1) { + return false; + } memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len); diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c index 422537e..381e3ae 100644 --- a/librpc/rpc/binding.c +++ b/librpc/rpc/binding.c @@ -437,19 +437,30 @@ static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX *mem_ctx, const struct nd return blob; } -static DATA_BLOB dcerpc_floor_pack_rhs_if_version_data(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax) +static bool dcerpc_floor_pack_rhs_if_version_data( + TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax, + DATA_BLOB *pblob) { DATA_BLOB blob; struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx); + enum ndr_err_code ndr_err; + + if (ndr == NULL) { + return false; + } ndr->flags |= LIBNDR_FLAG_NOALIGN; - ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version >> 16); + ndr_err = ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version >> 16); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } blob = ndr_push_blob(ndr); talloc_steal(mem_ctx, blob.data); talloc_free(ndr); - return blob; + *pblob = blob; + return true; } const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor) @@ -817,7 +828,11 @@ _PUBLIC_ NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx, tower->floors[0].lhs.lhs_data = dcerpc_floor_pack_lhs_data(tower->floors, &binding->object); - tower->floors[0].rhs.uuid.unknown = dcerpc_floor_pack_rhs_if_version_data(tower->floors, &binding->object); + if (!dcerpc_floor_pack_rhs_if_version_data( + tower->floors, &binding->object, + &tower->floors[0].rhs.uuid.unknown)) { + return NT_STATUS_NO_MEMORY; + } /* Floor 1 */ tower->floors[1].lhs.protocol = EPM_PROTOCOL_UUID; diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c index 6d7a96c..d783ba3 100644 --- a/nsswitch/libwbclient/wbc_util.c +++ b/nsswitch/libwbclient/wbc_util.c @@ -234,7 +234,7 @@ wbcErr wbcDcInfo(const char *domain, size_t *num_dcs, BAIL_ON_PTR_ERROR(names, wbc_status); ips = wbcAllocateStringArray(response.data.num_entries); - BAIL_ON_PTR_ERROR(names, wbc_status); + BAIL_ON_PTR_ERROR(ips, wbc_status); wbc_status = WBC_ERR_INVALID_RESPONSE; diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index fc46ce0..5fee1e4 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -399,6 +399,7 @@ use this machine as the password server.\n")); user_info->password.plaintext, strlen(user_info->password.plaintext), NULL, 0, user_info->mapped.domain_name); + break; /* currently the hash values include a challenge-response as well */ case AUTH_PASSWORD_HASH: @@ -410,6 +411,7 @@ use this machine as the password server.\n")); (char *)user_info->password.response.nt.data, user_info->password.response.nt.length, user_info->mapped.domain_name); + break; default: DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state)); nt_status = NT_STATUS_INTERNAL_ERROR; diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c index c2ff490..7ab9665 100644 --- a/source3/auth/auth_wbc.c +++ b/source3/auth/auth_wbc.c @@ -82,6 +82,7 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context, params.level = WBC_AUTH_USER_LEVEL_PLAIN; params.password.plaintext = user_info->password.plaintext; + break; } case AUTH_PASSWORD_RESPONSE: case AUTH_PASSWORD_HASH: @@ -106,10 +107,11 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context, params.password.response.lm_data = user_info->password.response.lanman.data; } + break; + } default: DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state)); return NT_STATUS_INTERNAL_ERROR; - } #if 0 /* If ever implemented in libwbclient */ case AUTH_PASSWORD_HASH: { diff --git a/source3/client/clitar.c b/source3/client/clitar.c index bef53dc..ac891aa 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -1206,16 +1206,19 @@ static void do_tarput(void) DEBUG(0, ("Skipping %s...\n", finfo.name)); if ((next_block(tarbuf, &buffer_p, tbufsiz) <= 0) && !skip_file(finfo.size)) { DEBUG(0, ("Short file, bailing out...\n")); + SAFE_FREE(longfilename); return; } break; case -1: DEBUG(0, ("abandoning restore, -1 from read tar header\n")); + SAFE_FREE(longfilename); return; case 0: /* chksum is zero - looks like an EOF */ DEBUG(0, ("tar: restored %d files and directories\n", ntarf)); + SAFE_FREE(longfilename); return; /* Hmmm, bad here ... */ default: diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index 5c4bafa..425861e 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -385,10 +385,6 @@ void memcache_flush(struct memcache *cache, enum memcache_number n) node = next; } - if (node == NULL) { - return; - } - /* * Then, find the leftmost element with number n */ diff --git a/source3/modules/vfs_crossrename.c b/source3/modules/vfs_crossrename.c index 323ceb1..ad8f45a 100644 --- a/source3/modules/vfs_crossrename.c +++ b/source3/modules/vfs_crossrename.c @@ -80,7 +80,7 @@ static int copy_reg(const char *source, const char *dest) #endif goto err; - if (transfer_file(ifd, ofd, (size_t)-1) == -1) + if (transfer_file(ifd, ofd, source_stats.st_ex_size) == -1) goto err; /* diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index f3d68dd..1e1732d 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -581,6 +581,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, " found, encrypting data!\n")); output = smb_traffic_analyzer_encrypt( talloc_tos(), akey, str, &len); + SAFE_FREE(akey); header = smb_traffic_analyzer_create_header( talloc_tos(), state_flags, len); diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 0e5567f..07c56eb 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -3491,7 +3491,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, size_t *p_num_entries, bool unix_only) { - GROUP_MAP map; + GROUP_MAP map = { 0, }; size_t entries = 0; *p_num_entries = 0; diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c index 9af8e4f..c1a7b75 100644 --- a/source3/passdb/pdb_wbc_sam.c +++ b/source3/passdb/pdb_wbc_sam.c @@ -50,7 +50,7 @@ static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods, if (pwd == NULL) return NT_STATUS_NO_SUCH_USER; - memset(user, 0, sizeof(user)); + ZERO_STRUCTP(user); /* Can we really get away with this little of information */ user->methods = methods; diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 030324c..d95bd54 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1709,7 +1709,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, return WERR_INVALID_PARAM; } - if (r->in.level < 0 || r->in.level > 3) { + if (r->in.level > 3) { return WERR_INVALID_PARAM; } if ((r->in.level == 1 && !r->in.userlevel.level1) || diff --git a/source3/utils/smbta-util.c b/source3/utils/smbta-util.c index 5b08165..6dfa0d5 100644 --- a/source3/utils/smbta-util.c +++ b/source3/utils/smbta-util.c @@ -154,6 +154,7 @@ static void load_key_from_file_and_activate( char *filename) if (akey != NULL) { printf("Removing the old key.\n"); delete_key(); + SAFE_FREE(akey); } printf("Installing the key from file %s\n",filename); secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1); -- Samba Shared Repository